josch/mmdebstrap
2
3
Fork 6
Code Issues 8 Pull requests 1 Projects Releases Wiki Activity

mount /sys and /proc as read-only in root mode

Browse source
This commit is contained in:
Johannes 'josch' Schauer 2020-01-24 10:14:10 +01:00
parent a8fa48fbc7
commit c4a47947ab
Signed by: josch
GPG key ID: F2CBA5C78FBD83E1
1 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
mmdebstrap
View file

@ -929,8 +929,9 @@ sub run_chroot {
or warn "umount /sys failed: $?"; or warn "umount /sys failed: $?";
}; };
0 == system( 0 == system(
'mount', '-t', 'sysfs', '-o', 'mount', '-t', 'sysfs',
'nosuid,nodev,noexec', 'sys', "$options->{root}/sys" '-o', 'ro,nosuid,nodev,noexec', 'sys',
"$options->{root}/sys"
) or error "mount /sys failed: $?"; ) or error "mount /sys failed: $?";
} elsif ($options->{mode} eq 'unshare') { } elsif ($options->{mode} eq 'unshare') {
# naturally we have to clean up after ourselves in sudo mode where # naturally we have to clean up after ourselves in sudo mode where
@ -978,7 +979,8 @@ sub run_chroot {
0 == system('umount', "$options->{root}/proc") 0 == system('umount', "$options->{root}/proc")
or error "umount /proc failed: $?"; or error "umount /proc failed: $?";
}; };
0 == system('mount', '-t', 'proc', 'proc', "$options->{root}/proc") 0 == system('mount', '-t', 'proc', '-o', 'ro', 'proc',
"$options->{root}/proc")
or error "mount /proc failed: $?"; or error "mount /proc failed: $?";
} elsif ($options->{mode} eq 'unshare') { } elsif ($options->{mode} eq 'unshare') {
# naturally we have to clean up after ourselves in sudo mode where # naturally we have to clean up after ourselves in sudo mode where